On Tue, Nov 24, 2015 at 09:00:21AM +0000, Linmujia wrote:
>
> linmujia - Nov. 24, 2015, 04:03 p.m.
>
> Signed-off-by: linmujia <linmujia@xxxxxxxxxx>
> ---
> Hello, I reviewed the nftables code and found some bugs with return values.
>
> Thanks!
>
>
>
> Patch
>
> diff --git a/src/netlink.c b/src/netlink.c
> index 974afb1..c555621 100644
> --- a/src/netlink.c
> +++ b/src/netlink.c
> @@ -307,6 +307,8 @@ static void netlink_gen_verdict(const struct expr *expr,
>  		strncpy(data->chain, expr->chain, NFT_CHAIN_MAXNAMELEN);
>  		data->chain[NFT_CHAIN_MAXNAMELEN-1] = '\0';
>  		break;
> +	default:
> +		BUG("invalid verdict value %u\n", expr->verdict);
>  	}
>  }
>
> @@ -467,7 +469,7 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *arg)
>  	if (h->family != family ||
>  	    strcmp(table, h->table) != 0 ||
>  	    (h->chain && strcmp(chain, h->chain) != 0))
> -		return 0;
> +		return -1;

I'm not sure I understand your intention, but this is not OK.

The iteration stops if we return -1; if we return 0 we keep iterating over the list of objects to find a match.
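Review bot: the first hunk (the new `default:` arm in netlink_gen_verdict) is not described by the commit message, which only mentions "bugs of return value"; this arm changes no return value, it makes an unrecognised `expr->verdict` abort via `BUG("invalid verdict value %u\n", expr->verdict)` instead of silently falling out of the switch. That is a separate, defensive change and should be split into its own patch with a message saying which verdict values the existing cases are expected to cover, so a reviewer can check that a legitimately reachable verdict cannot trigger the abort.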
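Review bot: the second hunk (list_rule_cb, `return 0;` changed to `return -1;`) breaks listing rather than fixing a return value. The `if` above it is the filter that skips rules belonging to another family, table or chain; returning 0 there tells the caller to continue to the next object, whereas -1 stops the walk, so the first rule that does not match the requested table or chain would end the listing and every rule after it would be dropped from the output. Keep `return 0;` for the non-matching case and reserve -1 for an actual error.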